National cybersecurity co-­ordinator Darren Goldie said successive cyber attacks on businesses this year – including Optus, Medibank, Latitude and HWL Ebsworth – were not worst-case scenarios, as he revealed the step-up in government engagement with industry through cyber attack training exercises.

Those cyber attacks saw millions of Australians’ private data stolen as well as information from sensitive government departments, including the Home Affairs Department and Department of Defence.

“One of the things I expect the government to announce is a national exercise program,” Air Marshal Goldie said on the sidelines of Singapore International Cyber Week. “We already have elements of that in place.”

He said early exercises had focused on critical industries like telecommunication and aviation, where a sophisticated hack could result in “a multi-day, multi-sector cyber incident”.

“Down in Melbourne, we had an exercise last month where we brought in all of the major telcos … We’ve also run one … with the aviation sector,” he said.

Air Marshal Goldie said the focus of these exercises would be on the 11 critical infrastructure assets as defined by legislation, including electricity, broadcasting, freight, water, healthcare, food, and energy.

“We have plans going forward for the health sector, for the energy sector,” he said.

The strategy would also see government “ramp up” engagement of this kind, Australian Cyber Security Centre – a part of the Australian Signals Directorate – assistant director-general, technical threats and visibility, Jacqueline Barr said.

“There’s an expectation, particularly those that hold unique responsibilities – whether they be systems of national significance or systems of critical infrastructure – to protect Aus­tralians’ data or protect the critical infrastructure they’re responsible for,” she said.

Exercises helped to build up capacity for cyber attacks and open up lines of communication, which were particularly critical for more sophisticated attacks, Mr Goldie said.

He hypothesised on what a more sophisticated hack could look like. “If we had a major telecommunications outage in the nation, quite quickly a number of people wouldn’t be able to navigate their cars anymore because they rely upon … the internet,” he said.

“Once you can’t navigate your car, the distribution of food and beverages across the country slows down.

“Once the distribution of food and beverages slows down, we start having a challenge where the viability of our grocery companies, for instance, in continuing to trade. So what starts here has full impact.

“When you’re crossing sectors, you’re crossing regulators, and then suddenly, if it appears over here, we are placing demand signals on Australia’s response that will be challenging.”

Home Affairs Minister Clare O’Neil has said the government would release later this year the 2023-30 cybersecurity strategy.

Noah Yim was a guest of Singapore International Cyber Week.

Noah YimReporter

Noah Yim is a reporter at The Australian's Canberra press gallery bureau. He previously worked out of the newspaper's Sydney newsroom. He joined The Australian following News Corp's 2022 cadetship program.

@noah_yim

Noah Yim

More related stories

Commentary

PM trying to have it both ways on broken energy promise

The PM has dumped his pledge to cut power prices by $275. Why, then, is Labor clinging to its core renewable plans using the same modelling?

Read more

Economics

Campaign, tariff threat keep RBA on the sidelines

The Reserve Bank is set to keep interest rates unchanged on Tuesday as it awaits the outcome of the May 3 election and the impact of US President Donald Trump’s tariffs.

Read more